PowerScripting Podcast: This is my favorite. You can start all the way back at episode 0 and use it as a PowerShell tutorial during your commute. The more recent episodes have great topical conversations and interviews.

In a previous post I created a report of all organizational units (OUs) and sites with their linked group policy objects (GPOs). This report gives visibility to all of our group policy usage at-a-glance. Since this is one of my most popular downloads I thought it was time to give it a fresh coat of paint. Today I am releasing two significant updates:

After using the script at a customer site recently I noticed that the OU list was in no particular order. Child OUs were listed randomly and not under their parent OUs. Not sure how I missed this the first time around.

In continuing the forensics theme, I thought it would be swell to add some good old fashioned AD Replication Attribute Metadata for tracking the changes to these GPO links.

Someone just now added Jimmy to the Domain Admins group! How do I know? Because I used PowerShell to check. Let me show you how.

Some of the best customers that I visit get email pages when high value group memberships change. Obviously this is strongly encouraged for IT shops of any size. Of course you can buy products to do this, but here on my blog we build these tools ourselves. It’s more fun and FREE with PowerShell.

Hello, everyone. Today I have a short post with some helpful links to share. If you are in the US, I hope you have a good Thanksgiving holiday week and not too much after-hours support. Spending time with family is refreshing for me at the holidays. ...

Welcome! Today’s post includes demo scripts and links from the Microsoft Virtual Academy event: Using PowerShell for Active Directory. We had a great time creating this for you, and I hope you will share it with anyone needing to ramp up their AD PowerShell skills.

I built extra secret demos that you have never seen before on my blog or at any conference presentations I have given to date. I guarantee everyone from beginners to seasoned scripters will pick up new techniques in this free training.

Whew. This has been a busy season for speaking, blogging, and recording. I’ve spent more time on airplanes than in my office at home for the last few months. It’s all good, and I want to share it with you.

Reduce Server Outages Using PowerShell Desired State Configuration - Ever configured a server only to find someone changed it? Ever tracked an outage back to an unauthorized change? Tired of manually configuring new server builds? Come learn how PowerShell Desired State Configuration can help you save time building servers and reduce outages.

This week I am presenting a session on GPO migration at TechMentor Redmond 2014. This is an expanded version of the session I gave at the PowerShell Summit back in April. I received feedback in April that WMI filters must be supported before this would be considered a viable solution. So I went back to my lab, integrated some code from the TechNet Script Center, and we have version 1.1 now, including WMI filter migration.

While working on DNS automation for a customer recently I needed some quick scripts to inventory Active Directory-integrated DNS server and zone configurations. All too often the way we think things are configured does not match reality. Are the forwarders consistent and correct? Is scavenging enabled where you thought it was? Do the right zones have aging enabled? Are the zones stored at the domain or forest level? Today's script is an easy way to check.

Over the years on this blog I have created a number of short links to my most popular posts. I thought it might be handy to post a greatest hits list of these short links for easy reference and sharing. Enjoy!

I know this post is a little late, but I wanted to offer some helpful information that I picked up at the PowerShell Summit last month. This post is packed with links to keep you surfing high-value PowerShell content for days.

Have you ever wanted to copy all of your production Group Policy Objects (GPOs) into a lab for testing? Do you have to copy GPOs between domains or forests? Do you need to migrate them to another environment due to an acquisition, merger, or divestiture? These are common problems for many administrators.

There are VBScripts provided with the Group Policy Management Console (GPMC), but that is so "last decade". (Really. They were published in 2002.) What about WMI filters, OU links, login scripts, and embedded credentials? I’ve drafted a PowerShell module to do this with speed and style. This post discusses the pitfalls, preparations, and scripts for a successful GPO migration.

Have you ever had to repopulate a batch of corrupted attributes or properties for a large set of Active Directory objects? (Think Exchange or Lync, for example.) The Active Directory Recycle Bin is great for recovering deleted objects, but it will not help with corrupted objects. Authoritative restore is the textbook option, but there is a better way. Yes, you can buy expensive third-party products to do this, or you can use the free features in the box for your own attribute-level recovery solution for Active Directory. This blog post will explain how.

Today's post gives you a script to crawl your file shares and document the AD users and groups referenced in NTFS permissions. I’m sure others have published similar scripts, but I want to approach it from the angle of Active Directory group cleanup. Using this output together with the script from my last post will give you plenty of insight to go after stale groups.

What would we do without file shares? Well, actually, we would use SharePoint or OneDrive. The truth is file shares have been around for decades, and in most cases mission critical data resides there. But who can access that data? That is the big question, and many of us cannot give a complete answer.

“Most companies clean up stale users, a few companies clean up stale computers, but no one cleans up stale groups.”

Generally it is easy enough to tell if a computer or user account is stale, but how do we do that for groups? Today’s post is going to give you some reports to analyze group staleness, population, and duplication.

Tired of copying and pasting scripts from the internet? Want to write your own scripts? Become the go-to scripter on your team. This session will break down the scripting process into logical steps you can follow. Learn how to wrap cmdlets into scripts into functions into modules that you can reuse and share with your team.

Usually I like to offer deep technical content on the blog, but today I’m going to keep it simple. Everyone should be keenly aware that Windows XP support officially ends on April 8, 2014. Many companies are migrating from Windows XP and need a quick script to check their progress. This is a simple solution with a couple variations to meet your needs.

Set your watch for January 1, 1601, Marty. Today we’re working with crazy dates in Active Directory PowerShell.

If you have ever tried to script out Active Directory reports that included date fields, then you have likely run into this challenge. There are “real” dates, and then “those” dates. You know… the ones that just look like a bunch of numbers. Today’s post shows you how to make sense of those crazy Int64 date fields.

Give a man a script; feed him for a Get-Date. Teach a man to script; feed him for a New-TimeSpan.

Lao Tzu, 4th century BC

Tired of copying and pasting scripts from the internet? Want to write your own scripts? Become the go-to scripter on your team. This post will break down the scripting process into logical steps you can follow. Learn how to wrap cmdlets into scripts into functions into modules that you can reuse and share with your team.

Atlanta-bound
I am drafting this post from the airplane as I make my way to Atlanta, Georgia USA for PowerShell Saturday 005. I am looking forward to spending the weekend with folks who share my passion for PowerShell. I’ll get to reconnect...

Last year I published a script on the Hey Scripting Guy blog to review the AD schema. This comes in handy when you want a report on the history of schema changes in your forest and the related OIDs. The script lives on the TechNet Script Gallery, and...

Announcements

Before we jump into today’s script here are some current events:

This blog post celebrates three years of PowerShell blogging on TechNet as GoateePFE. It has been a great ride, and I am far from done. See the most popular posts here. Thank you for making this blog successful.

The PowerShell Deep Dives book is out now. I contributed a chapter on Active Directory token bloat taken from my SID history blog series. This book has a ton of great chapters by a ton of great people. All the proceeds go to Save The Children. Buy your copy today.

If you haven’t had a chance to watch the Microsoft Virtual Academy recordings Getting Started with PowerShell 3.0 Jump Start and Advanced Tools & Scripting with PowerShell 3.0 Jump Start then you need to put them on your list. Jeffrey Snover and Jason Helmick do a fantastic job of covering everything you need to know to get started with PowerShell. Make time for this over several lunches or knock it out in a couple training days. These videos will seriously boost your career. You could even gather the family around with a bowl of popcorn.

PowerShell Saturday 005 is coming up October 26th in Atlanta, Georgia. My session is titled It’s Time To Part With Blankie: Moving from command line tools to PowerShell for Active Directory. If you’re in the area stop by for a good time with several PowerShell celebrities. I’m looking forward to Ed Wilson’s session PowerShell Workflows for Mere Mortals.

Now for today’s topic…

XML vs. IT Pro

Maybe I haven’t looked hard enough, but I’ve just not found any clear documentation aimed at IT Pros for what I am posting today. As an IT Pro type guy (not a .NET type guy) I have avoided XML for years. CSV and HTML are so much easier. XML seems to be a labyrinth of complexity in my mind, and it still is, at least from a PowerShell perspective. The object model is convenient, but trying to navigate it loses me. Yeah, I know XML makes the world a happy place, but I’m just not there yet.

Despite this disparaging disclaimer I believe I have drafted a script that will help many of us IT Pros as we weed through event logs (or ETL trace files or EVTX files).

Events: The good, the bad, and the ugly

The good: PowerShell works with event logs out of the box. You have two cmdlets: Get-EventLog and Get-WinEvent. Get-WinEvent is the one we’re all supposed to use now.

The bad: All of a sudden reading event logs gets complicated. The filtering in particular requires some crazy syntax. We are far removed from the simplicity of DUMPEL. PowerShell team blog posts from 2009 here and here attempt to make this look routine. Um… yeah.

The ugly: All of the juicy nuggets of event data in the message body are stored in XML. And nearly every combination of event ID and provider has a unique event schema for storing the data we want. Neo’s MSDN blog post gets us most of the way there. AskDS and Hey Scripting Guy show how we can use the GUI to help write the XML filter syntax. Now my head is spinning. This is the farthest point from intuitive. Don’t even get me started on XPATH.

Note: In all fairness to the product this data structure is necessary. All events have a few common properties like provider, ID number, date/time, source, etc. But in order to capture the unique details of each event we needed a way to store a variable number of properties. So the design is good, just a bit complicated to script.

In the life of every scripter you will come to challenges like this. You just have to cowboy up and dive in.

The thing I’ve not seen in these blog posts is how to dump out the event message data in a CSV file where I can easily report and manipulate the data I need. For example, if I’m collecting logon failure event 4625, then I want the guts of the message body in separate columns where I can easily summarize and report on the user and computer accounts involved. While I can harvest event logs from multiple servers in the GUI, it is just not friendly for mass reporting, sorting and visualization like Excel. This is the problem I am trying to solve.
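
One way to approach the problem described above, as an added example (not the author's script): it flattens each event's XML into one CSV row with a column per `Data` element. The helper name `ConvertFrom-EventXml`, the two sample events and the output file `events.csv` are assumptions made for illustration.

```powershell
# Constructed sample input: XML as returned by $event.ToXml(); all values are made up.
$sampleXml = @(
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID><TimeCreated SystemTime="2013-10-01T12:00:00Z"/><Computer>DC01.contoso.com</Computer></System>
  <EventData>
    <Data Name="TargetUserName">jimmy</Data>
    <Data Name="TargetDomainName">CONTOSO</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="IpAddress">10.0.0.42</Data>
  </EventData>
</Event>
'@,
@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID Qualifiers="0">1000</EventID><TimeCreated SystemTime="2013-10-01T12:05:00Z"/><Computer>DC01.contoso.com</Computer></System>
  <EventData><Data>value without a Name attribute</Data></EventData>
</Event>
'@
)

function ConvertFrom-EventXml {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $e   = ([xml]$Xml).DocumentElement
        $sys = $e['System']
        # Common properties that every event carries.
        $row = [ordered]@{
            TimeCreated = $sys['TimeCreated'].GetAttribute('SystemTime')
            Computer    = $sys['Computer'].InnerText
            EventID     = $sys['EventID'].InnerText
        }
        $i = 0
        # Each event ID/provider has its own set of <Data> elements; one column per element.
        foreach ($d in $e['EventData'].ChildNodes) {
            $i++
            $name = $d.GetAttribute('Name')
            if (-not $name) { $name = "Data$i" }   # some events leave <Data> unnamed
            $row[$name] = $d.InnerText
        }
        [pscustomobject]$row
    }
}

$rows = $sampleXml | ConvertFrom-EventXml
# Export-Csv takes its columns from the first object only, so build the union of names first.
$columns = $rows | ForEach-Object { $_.PSObject.Properties.Name } | Select-Object -Unique
$rows | Select-Object -Property $columns | Export-Csv -Path .\events.csv -NoTypeInformation

# Live input instead of the sample:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} | ForEach-Object { $_.ToXml() } | ConvertFrom-EventXml
```

Fields such as `TargetUserName` in a 4625 event are supplied by whoever attempted the logon, so treat cells beginning with `=`, `+`, `-` or `@` as untrusted before opening the CSV in Excel.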